My servers don't accept clear sessions or weak ciphers on my FTP ports. I constantly see bots (sometimes multiple ones) hitting pure-ftpd in my logs for hours. IE:
pure-ftpd: ([email protected]) [INFO] New connection from 154.89.5.82
pure-ftpd: ([email protected]) [WARNING] Sorry, cleartext sessions and weak ciphers are not accepted on this server.#012Please r
Sometimes I'll manually block it as Cphulk doesn't appear to do anything with them.
1. Is there a way to have Cphulk block this?
If not, I see others have installed fail2ban as a secondary measure for things that CPhulk doesn't cover?
2. Is that still the acceptable method?
I've used fail2ban on other servers, but not cPanel.
3. Do the two play ok together?
I'd assume so it's just another log monitor with additional rules, cpanel has an article about installing it (simple), which I'd figured if there was an issue they'd mention it there.
Thank you,
-sactobob
pure-ftpd: ([email protected]) [INFO] New connection from 154.89.5.82
pure-ftpd: ([email protected]) [WARNING] Sorry, cleartext sessions and weak ciphers are not accepted on this server.#012Please r
Sometimes I'll manually block it as Cphulk doesn't appear to do anything with them.
1. Is there a way to have Cphulk block this?
If not, I see others have installed fail2ban as a secondary measure for things that CPhulk doesn't cover?
2. Is that still the acceptable method?
I've used fail2ban on other servers, but not cPanel.
3. Do the two play ok together?
I'd assume so it's just another log monitor with additional rules, cpanel has an article about installing it (simple), which I'd figured if there was an issue they'd mention it there.
Thank you,
-sactobob
